Certificate Transparency (CT) is "an ecosystem that makes the issuance of website certificates transparent and verifiable". It's an internet security protocol where certificates are logged centrally as they are issued by a certificate authority (CA), and modern browsers only trust CAs that log certificates. This allows the public and site operators to see what certificates a CA has issued for a given hostname.
The .gov team has access to a CT search API. With it, we can search a given domain name and pull all certificates (or certain fields in those certificates) across an entire namespace. This is one approach to help us better maintain a ".gov inventory", as required by the DOTGOV Act.
Issue description
Certificate Transparency (CT) is "an ecosystem that makes the issuance of website certificates transparent and verifiable". It's an internet security protocol where certificates are logged centrally as they are issued by a certificate authority (CA), and modern browsers only trust CAs that log certificates. This allows the public and site operators to see what certificates a CA has issued for a given hostname.
The .gov team has access to a CT search API. With it, we can search a given domain name and pull all certificates (or certain fields in those certificates) across an entire namespace. This is one approach to help us better maintain a ".gov inventory", as required by the DOTGOV Act.
Acceptance criteria
Additional context
Note: as a research ticket, please timebox this effort per the story points.
Links to other issues
No response